Nmap probes a target before scanning it for open ports and services. Nmap address probing works as follows:-
For root / administrator users
-> If the attacker / scanning box is on the same subnet as the target, then nmap will only out ARP requests.
However if attacker sits on a different subnet than the target, then nmap will send
-> ICMP Echo Request
-> TCP SYN to port 443
-> TCP ACK to port 80
-> ICMP Timestamp Request [Type 13]
Note that Nmap sends out ALL 4 probe packets at once; it does not wait to receive response to ICMP Echo Request.
For non-root / non-administrative users
Nmap will simply start a 3-way handshake by sending
-> TCP SYN to port 80
-> TCP ACK to port 443
It does NOT send any ICMP packet.